diff --git a/.github/workflows/mozilla-ca-cert.yml b/.github/workflows/mozilla-ca-cert.yml deleted file mode 100644 index 2153b67ed642..000000000000 --- a/.github/workflows/mozilla-ca-cert.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: "Update Mozilla CA sub module" -on: - workflow_dispatch: - -jobs: - update_ca_module: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - repository: chia-network/chia-blockchain - submodules: recursive - token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Set up commit signing - uses: Chia-Network/actions/commit-sign/gpg@main - with: - gpg_private_key: ${{ secrets.CHIA_AUTOMATION_PRIVATE_GPG_KEY }} - passphrase: ${{ secrets.CHIA_AUTOMATION_PRIVATE_GPG_PASSPHRASE }} - - - name: "Add changes to new branch" - run: | - cd ./mozilla-ca - git pull origin main - - - name: "Create Pull Request" - uses: peter-evans/create-pull-request@v7 - with: - base: main - body: "Newest Mozilla CA cert" - branch: mozilla-ca-updates - commit-message: "adding ca updates" - delete-branch: true - reviewers: "wjblanke,emlowe" - assignees: "wallentx" - title: "CA Cert updates" - token: "${{ secrets.GITHUB_TOKEN }}" - committer: "ChiaAutomation " - author: "ChiaAutomation " diff --git a/.gitmodules b/.gitmodules index 596e3d8820f0..7949509ba699 100644 --- a/.gitmodules +++ b/.gitmodules @@ -2,7 +2,3 @@ path = chia-blockchain-gui url = https://github.com/Chia-Network/chia-blockchain-gui.git branch = main -[submodule "mozilla-ca"] - path = mozilla-ca - url = https://github.com/Chia-Network/mozilla-ca.git - branch = main diff --git a/Install.ps1 b/Install.ps1 index 39b014c5e149..0fd2f96555e9 100644 --- a/Install.ps1 +++ b/Install.ps1 @@ -37,8 +37,6 @@ if ($null -eq (Get-Command git -ErrorAction SilentlyContinue)) Exit 1 } -git submodule update --init mozilla-ca - if ($null -eq (Get-Command py -ErrorAction SilentlyContinue)) { Write-Output "Unable to find py" diff --git a/build_scripts/pyinstaller.spec b/build_scripts/pyinstaller.spec index 405c11d945b6..ff778fe4d2c2 100644 --- a/build_scripts/pyinstaller.spec +++ b/build_scripts/pyinstaller.spec @@ -123,7 +123,6 @@ datas.append((f"{ROOT}/chia/util/initial-config.yaml", "chia/util")) for path in sorted({path.parent for path in ROOT.joinpath("chia").rglob("*.hex")}): datas.append((f"{path}/*.hex", path.relative_to(ROOT))) datas.append((f"{ROOT}/chia/ssl/*", "chia/ssl")) -datas.append((f"{ROOT}/mozilla-ca/*", "mozilla-ca")) datas.extend(version_data) pathex = [] diff --git a/chia/ssl/create_ssl.py b/chia/ssl/create_ssl.py index 422ecf25ec60..7d5d8b216881 100644 --- a/chia/ssl/create_ssl.py +++ b/chia/ssl/create_ssl.py @@ -5,6 +5,7 @@ from pathlib import Path from typing import Any, Optional +import certifi import importlib_resources from cryptography import x509 from cryptography.hazmat.backends import default_backend @@ -36,8 +37,7 @@ def get_chia_ca_crt_key() -> tuple[Any, Any]: def get_mozilla_ca_crt() -> str: - mozilla_path = Path(__file__).parent.parent.parent.absolute() / "mozilla-ca/cacert.pem" - return str(mozilla_path) + return certifi.where() def write_ssl_cert_and_key(cert_path: Path, cert_data: bytes, key_path: Path, key_data: bytes, overwrite: bool = True): diff --git a/install.sh b/install.sh index c30b666d9ea9..5428ed4fc1b4 100755 --- a/install.sh +++ b/install.sh @@ -58,7 +58,6 @@ if [ "$(uname -m)" = "armv7l" ]; then exit 1 fi # Get submodules -git submodule update --init mozilla-ca # You can specify preferred python version by exporting `INSTALL_PYTHON_VERSION` # e.g. `export INSTALL_PYTHON_VERSION=3.9` diff --git a/mozilla-ca b/mozilla-ca deleted file mode 160000 index f5bc8141510f..000000000000 --- a/mozilla-ca +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f5bc8141510f1e016de70c60aa86d7928bf2c036 diff --git a/poetry.lock b/poetry.lock index a5c805ba9860..cb878eb272a1 100644 --- a/poetry.lock +++ b/poetry.lock @@ -578,10 +578,9 @@ virtualenv = ["virtualenv (>=20.0.35)"] name = "certifi" version = "2024.7.4" description = "Python package for providing Mozilla's CA Bundle." -optional = true +optional = false python-versions = ">=3.6" groups = ["main"] -markers = "sys_platform == \"linux\" and extra == \"dev\"" files = [ {file = "certifi-2024.7.4-py3-none-any.whl", hash = "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90"}, {file = "certifi-2024.7.4.tar.gz", hash = "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b"}, diff --git a/pyproject.toml b/pyproject.toml index ba2060cb0ffc..159066b23f8c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -13,7 +13,7 @@ homepage = "https://chia.net/" [tool.poetry] # see [tool.poetry-dynamic-versioning] -packages = [{ include = "chia"}, { include = "mozilla-ca/cacert.pem" }] +packages = [{ include = "chia"}] version = "0.0.0" [project.scripts] @@ -49,6 +49,7 @@ aiosqlite = ">=0.20.0" # asyncio wrapper for sqlite, to store blocks anyio = ">=4.6.2.post1" bitstring = ">=4.1.4" # Binary data management library boto3 = ">=1.35.43" # AWS S3 for Data Layer S3 plugin +certifi = ">=2023.11.17" # Root CA bundle for SSL certificate verification chiabip158 = ">=1.5.2" # bip158-style wallet filters chiapos = ">=2.0.10" # proof of space chia-puzzles-py = ">=0.20.1"